You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
75 lines
2.3 KiB
75 lines
2.3 KiB
From d78bf5ab1f5c8102b2b6051cfb1198488be9597d Mon Sep 17 00:00:00 2001 |
|
From: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
|
Date: Mon, 26 Sep 2016 19:48:36 +0300 |
|
Subject: [PATCH] Use system crypto policy by default |
|
|
|
--- |
|
raddb/mods-available/eap | 2 +- |
|
raddb/mods-available/inner-eap | 2 +- |
|
raddb/sites-available/abfab-tls | 2 +- |
|
raddb/sites-available/tls | 4 ++-- |
|
4 files changed, 5 insertions(+), 5 deletions(-) |
|
|
|
diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap |
|
index 94494b2c6..9a8dc9327 100644 |
|
--- a/raddb/mods-available/eap |
|
+++ b/raddb/mods-available/eap |
|
@@ -912,7 +912,7 @@ |
|
# Note - for OpenSSL 1.1.0 and above you may need |
|
# to add ":@SECLEVEL=0" |
|
# |
|
- # cipher_list = "ALL:!EXPORT:!eNULL:!SSLv2" |
|
+ # cipher_list = "PROFILE=SYSTEM" |
|
|
|
# PAC lifetime in seconds (default: seven days) |
|
# |
|
diff --git a/raddb/mods-available/inner-eap b/raddb/mods-available/inner-eap |
|
index 2b4df6267..af9aa88cd 100644 |
|
--- a/raddb/mods-available/inner-eap |
|
+++ b/raddb/mods-available/inner-eap |
|
@@ -68,7 +68,7 @@ eap inner-eap { |
|
# certificates. If so, edit this file. |
|
ca_file = ${cadir}/ca.pem |
|
|
|
- cipher_list = "DEFAULT" |
|
+ cipher_list = "PROFILE=SYSTEM" |
|
|
|
# You may want to set a very small fragment size. |
|
# The TLS data here needs to go inside of the |
|
diff --git a/raddb/sites-available/abfab-tls b/raddb/sites-available/abfab-tls |
|
index 5dbe143da..46b5fea78 100644 |
|
--- a/raddb/sites-available/abfab-tls |
|
+++ b/raddb/sites-available/abfab-tls |
|
@@ -19,7 +19,7 @@ listen { |
|
dh_file = ${certdir}/dh |
|
fragment_size = 8192 |
|
ca_path = ${cadir} |
|
- cipher_list = "DEFAULT" |
|
+ cipher_list = "PROFILE=SYSTEM" |
|
|
|
cache { |
|
enable = no |
|
diff --git a/raddb/sites-available/tls b/raddb/sites-available/tls |
|
index cf1cd7a8a..7dd59cb6f 100644 |
|
--- a/raddb/sites-available/tls |
|
+++ b/raddb/sites-available/tls |
|
@@ -197,7 +197,7 @@ listen { |
|
# Set this option to specify the allowed |
|
# TLS cipher suites. The format is listed |
|
# in "man 1 ciphers". |
|
- cipher_list = "DEFAULT" |
|
+ cipher_list = "PROFILE=SYSTEM" |
|
|
|
# If enabled, OpenSSL will use server cipher list |
|
# (possibly defined by cipher_list option above) |
|
@@ -499,7 +499,7 @@ home_server tls { |
|
# Set this option to specify the allowed |
|
# TLS cipher suites. The format is listed |
|
# in "man 1 ciphers". |
|
- cipher_list = "DEFAULT" |
|
+ cipher_list = "PROFILE=SYSTEM" |
|
} |
|
|
|
} |
|
-- |
|
2.13.2
|
|
|